secrets

package
v10.267.19+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 27, 2020 License: Apache-2.0 Imports: 10 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source
var (
	CAPEM = `` /* 618-byte string literal not displayed */

	CAKeyPEM = `` /* 226-byte string literal not displayed */

	PrivateKeyPEM = `` /* 226-byte string literal not displayed */

	PublicPEM = `` /* 647-byte string literal not displayed */

)

Certs

Functions

func CreateTxtToken

func CreateTxtToken() []byte

CreateTxtToken creates a transmitter token

Types

type CompactPKI

type CompactPKI struct {
	PrivateKeyPEM []byte
	PublicKeyPEM  []byte
	AuthorityPEM  []byte
	TokenKeyPEMs  []*CompactPKIPublicKey
	Compressed    claimsheader.CompressionType
	// contains filtered or unexported fields
}

CompactPKI holds all PKI information

func NewCompactPKI

func NewCompactPKI(keyPEM []byte, certPEM []byte, caPEM []byte, txKey []byte, compress claimsheader.CompressionType) (*CompactPKI, error)

NewCompactPKI creates new secrets for PKI implementation based on compact encoding

func NewCompactPKIWithTokenCA

func NewCompactPKIWithTokenCA(keyPEM []byte, certPEM []byte, caPEM []byte, tokenKeyPEMs []*CompactPKIPublicKey, txKey []byte, compress claimsheader.CompressionType) (*CompactPKI, error)

NewCompactPKIWithTokenCA creates new secrets for PKI implementation based on compact encoding.

keyPEM: is the private key that will be used for signing tokens formated as a PEM file.
certPEM: is the public key that will be used formated as a PEM file.
tokenKeyPEMs: is a list of public keys that can be used to verify the public token that
              that is transmitted over the wire. These are essentially the public CA PEMs
              that were used to sign the txtKey
txKey: is the public key that is send over the wire.
compressionType: is packed with the secrets to indicate compression.

func (*CompactPKI) AckSize

func (p *CompactPKI) AckSize() uint32

AckSize returns the default size of an ACK packet

func (*CompactPKI) EncodingKey

func (p *CompactPKI) EncodingKey() interface{}

EncodingKey returns the private key

func (*CompactPKI) KeyAndClaims

func (p *CompactPKI) KeyAndClaims(pkey []byte) (interface{}, []string, time.Time, *pkiverifier.PKIControllerInfo, error)

KeyAndClaims returns both the key and any attributes associated with the public key.

func (*CompactPKI) PublicKey

func (p *CompactPKI) PublicKey() interface{}

PublicKey returns the public key

func (*CompactPKI) PublicSecrets

func (p *CompactPKI) PublicSecrets() PublicSecrets

PublicSecrets returns the secrets that are marshallable over the RPC interface.

func (*CompactPKI) TransmittedKey

func (p *CompactPKI) TransmittedKey() []byte

TransmittedKey returns the PEM of the public key in the case of PKI if there is no certificate cache configured

func (*CompactPKI) Type

func (p *CompactPKI) Type() PrivateSecretsType

Type implements the interface Secrets

type CompactPKIPublicKey

type CompactPKIPublicKey struct {
	PublicKey  []byte
	Controller *pkiverifier.PKIControllerInfo
}

CompactPKIPublicKey holds information about public keys

type CompactPKIPublicSecrets

type CompactPKIPublicSecrets struct {
	Type        PrivateSecretsType
	Key         []byte
	Certificate []byte
	CA          []byte
	TokenCAs    []*CompactPKIPublicKey
	Token       []byte
	Compressed  claimsheader.CompressionType
}

CompactPKIPublicSecrets includes all the secrets that can be transmitted over the RPC interface.

func (*CompactPKIPublicSecrets) CertAuthority

func (p *CompactPKIPublicSecrets) CertAuthority() []byte

CertAuthority returns the cert authority

func (*CompactPKIPublicSecrets) SecretsType

SecretsType returns the type of secrets.

type LockedSecrets

type LockedSecrets interface {
	Secrets() (Secrets, func())
}

LockedSecrets provides a way to use secrets where shared read access is required. The user becomes responsible for unlocking when done using them. The implementation should lock the access to secrets for reading, and pass down the function for unlocking.

type NullPKI

type NullPKI struct {
	PrivateKeyPEM []byte
	PublicKeyPEM  []byte
	AuthorityPEM  []byte
}

NullPKI holds all PKI information

func NewNullPKI

func NewNullPKI(keyPEM, certPEM, caPEM []byte) (*NullPKI, error)

NewNullPKI creates new secrets for PKI implementation based on compact encoding

func (*NullPKI) AckSize

func (p *NullPKI) AckSize() uint32

AckSize returns the default size of an ACK packet

func (*NullPKI) EncodingKey

func (p *NullPKI) EncodingKey() interface{}

EncodingKey returns the private key

func (*NullPKI) KeyAndClaims

func (p *NullPKI) KeyAndClaims(pkey []byte) (interface{}, []string, time.Time, *pkiverifier.PKIControllerInfo, error)

KeyAndClaims returns both the key and any attributes associated with the public key.

func (*NullPKI) PublicKey

func (p *NullPKI) PublicKey() interface{}

PublicKey returns nil in this case

func (*NullPKI) PublicSecrets

func (p *NullPKI) PublicSecrets() PublicSecrets

PublicSecrets returns the secrets that are marshallable over the RPC interface.

func (*NullPKI) TransmittedKey

func (p *NullPKI) TransmittedKey() []byte

TransmittedKey returns the PEM of the public key in the case of PKI if there is no certificate cache configured

func (*NullPKI) Type

func (p *NullPKI) Type() PrivateSecretsType

Type implements the interface Secrets

type NullPublicSecrets

type NullPublicSecrets struct {
	Type PrivateSecretsType
}

NullPublicSecrets includes all the secrets that can be transmitted over the RPC interface.

func (*NullPublicSecrets) CertAuthority

func (p *NullPublicSecrets) CertAuthority() []byte

CertAuthority returns the cert authority - N/A to PSK

func (*NullPublicSecrets) SecretsType

func (p *NullPublicSecrets) SecretsType() PrivateSecretsType

SecretsType returns the type of secrets.

type PrivateSecretsType

type PrivateSecretsType int

PrivateSecretsType identifies the different secrets that are supported

const (
	// PKICompactType is for asymetric signing using compact JWTs on the wire
	PKICompactType PrivateSecretsType = iota
	// PKINull is for debugging
	PKINull
)

type PublicKeyAdder

type PublicKeyAdder interface {

	// PublicKeyAdd adds the given cert for the given host.
	PublicKeyAdd(host string, cert []byte) error
}

PublicKeyAdder register a publicKey for a Node.

type PublicSecrets

type PublicSecrets interface {
	SecretsType() PrivateSecretsType
	CertAuthority() []byte
}

PublicSecrets is an interface of the data structures of the secrets that can be transmitted over the RPC interface to the remotes.

type Secrets

type Secrets interface {
	// Type must return the type of the secrets as defined in the PrivateSecretsType
	Type() PrivateSecretsType
	// EncodingKey returns the key used to encode the tokens.
	EncodingKey() interface{}
	// PublicKey returns the public ket of the secrets.
	PublicKey() interface{}
	// TransmittedKey returns the public key as a byte slice and as it is transmitted
	// on the wire.
	TransmittedKey() []byte
	// KeyAndClaims will verify the public key and return any claims that are part of the key.
	KeyAndClaims(pkey []byte) (interface{}, []string, time.Time, *pkiverifier.PKIControllerInfo, error)
	// AckSize calculates the size of the ACK packet based on the keys.
	AckSize() uint32
	// PublicSecrets returns the PEM formated secrets to be transmitted over the RPC interface.
	PublicSecrets() PublicSecrets
}

Secrets is an interface implementing secrets

func CreateCompactPKITestSecrets

func CreateCompactPKITestSecrets() (*x509.Certificate, Secrets, error)

CreateCompactPKITestSecrets creates test secrets

func NewSecrets

func NewSecrets(s PublicSecrets) (Secrets, error)

NewSecrets creates a new set of secrets based on the type.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL